If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

GRC: Port 1026 is Closed not Stealthed

I'm running ZA Security Suite 6.1.744.000, XP Pro SP2 connected to the internet via a Speedtouch USB modem, no router.
I have reinatalled ZA numerous times and encounter the following problem.
Using netstat I find that the ISAFE.EXE usually has port 1026 listening on local address 127.0.0.1, remote address 0.0.0.0.
ISAFE.EXE is configured to NOT act as a server for the internet zone.
If I use GRC to probe port 1026 the the port is reported as closed instead of stealthed? All other ports are reported by GRC as being stealthed. Why is port 1026 reports as being closed
when
ISAFE.EXE is configured to
NOT act as a server in the internet zone?
If I explicitly set up a
PROGRAM expert rule for ISAFE.EXE to block access to port 1026
when the source is the internet zone then GRC STILL reports that the port is closed when it should be stealthed. Why?
If I set up a
PROGRAM expert rule for ISAFE.EXE to block access to ALL ports when the source is the internet zone then GRC STILL reports that the port is closed when it should be stealthed. Why?
If I set up an identical
FIREWALL expert rule for
to block access to port 1026
when the source is the internet zone then GRC correctly reports
port 1026 as being stealthed.
I cannot understand why ZA is apparently allowing ISAFE.EXE to act as a server in the internet zone by not stealthing port 1026.
I cannot understand why ZA is apparently ignoring
the program rule for ISAFE.EXE
which is intended to
block all inbound access from the internet when an identical firewall rule works.
Can anyone help me understand what is going on?

Re: GRC: Port 1026 is Closed not Stealthed

Hi When following up the port information at grc.com in regards to port 1026, it should indicate that 1026 is also used for DCOM. Many things are listening on the ports of the system and should appear to be closed, at the very least or stealthed by the Zone Alarm firewall. Perhaps changing the DCOM to off or disabling it will show the port 1026 as it should- stealthed. Take care Oldsod

Re: GRC: Port 1026 is Closed not Stealthed

A little knowledge can be a dangerous thing and interent security is no exception. Computer security is all about risk management. Before you allow or disallow a program to have server rights or internet access, you should understand exactly what it is that a program does. Do you know what &quot;isafe.exe&quot; does? Do you know why it wants access to the internet?

Firstly, a port being closed (as opposed to stealth) does not constitute a security risk. Even a port being OPEN is not a security risk, it just affords an increased level of risk. To be a security risk an attacher trying to get through your firewall needs a program on the inside that is listening on a specific port, and can respond to the commands it is being sent.

There are some programs which need server rights including most of the instant messenger services (MSN, Yahoo and Skype), Apache (which is a web server) and FTP servers. It just so happens that ISAFE.EXE needs to act as a server because it is part of Computer Associates eTrust AntiVirus which keeps your Internet security product up to date. ISAFE.EXE listens for connection requests from Computer Associates and manages downloading of the AV updates when they become available. Given that this is the AV in ZASS, it is possible that ZASS is internally configured to allow ISAFE.EXE the correct access rights (overriding your settings) to ensure it functiones properly.

Finally, 127.0.0.1 is the loopback adaptor (a fancy way of saying your own computer) and Netstat is telling you that ISAFE.EXE is listen for connection requests from you rown PC. On th eother hand, 0.0.0.0 is not a valid IP address for use on the Internet.